6 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-42905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buff...
BELL-CVE-2022-42905 CVE-2022-42905 does not affect BellSoft software
Bulletin has no description...
wolfSSL 5.5.2 WOLFSSL_CALLBACKS Heap Buffer Over-Read Vulnerability
wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSLCALLBACKS ==================================================================== INFO ======= The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL Affected version: before 5.5.2 End of embargo: Ended October...
wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read
wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSLCALLBACKS ==================================================================== INFO ======= The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL Affected version: before 5.5.2 End of embargo: Ended October...
CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...
CVE-2022-42905
CVE-2022-42905 affects wolfSSL prior to 5.5.2. When WOLFSSL_CALLBACKS is enabled, a malicious TLS 1.3 client or network attacker can trigger a heap buffer over-read (at least 5 bytes). This impacts confidentiality and availability (per CVSS). The flaw originates in the way callbacks are handled a...